From: Nikita Popov Date: Fri, 19 Dec 2014 20:40:54 +0000 (+0100) Subject: Fix bug #67111 X-Git-Tag: php-5.6.5RC1~36^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aa394e70ff8cda63ee4382d2488d80936e5122dc;p=php Fix bug #67111 Loop variables need to be freed for both "break" and "continue". I'm adding the test to Zend/ because it's good to have a test for this even without opcache. --- diff --git a/NEWS b/NEWS index 4a321a5873..8d6fdff92b 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,10 @@ PHP NEWS - Mcrypt: . Fixed possible read after end of buffer and use after free. (Dmitry) +- Opcache: + . Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach + loops). (Nikita) + - Pcntl: . Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL). (Julien) diff --git a/Zend/tests/bug67111.phpt b/Zend/tests/bug67111.phpt new file mode 100644 index 0000000000..0fdfdfb517 --- /dev/null +++ b/Zend/tests/bug67111.phpt @@ -0,0 +1,20 @@ +--TEST-- +Bug #67111: Memory leak when using "continue 2" inside two foreach loops +--FILE-- + +--EXPECT-- +1.1 +2.1 +3.1 diff --git a/ext/opcache/Optimizer/pass2.c b/ext/opcache/Optimizer/pass2.c index 30708a0935..8704b787a9 100644 --- a/ext/opcache/Optimizer/pass2.c +++ b/ext/opcache/Optimizer/pass2.c @@ -175,9 +175,9 @@ if (ZEND_OPTIMIZER_PASS_2 & OPTIMIZATION_LEVEL) { jmp_to = &op_array->brk_cont_array[array_offset]; array_offset = jmp_to->parent; if (--nest_levels > 0) { - if (opline->opcode == ZEND_BRK && - (op_array->opcodes[jmp_to->brk].opcode == ZEND_FREE || - op_array->opcodes[jmp_to->brk].opcode == ZEND_SWITCH_FREE)) { + if (op_array->opcodes[jmp_to->brk].opcode == ZEND_FREE || + op_array->opcodes[jmp_to->brk].opcode == ZEND_SWITCH_FREE + ) { dont_optimize = 1; break; }